New teeChartV2 versions' startup problem

TeeChart for Microsoft Visual Studio .NET, Xamarin Studio (Android, iOS & Forms) & Monodevelop.
Christopher
Site Admin
Site Admin
Posts: 1349
Joined: Thu Jan 01, 1970 12:00 am
Location: Riudellots de la Selva, Catalonia
Contact:

Post by Christopher » Fri Jan 23, 2009 11:23 am

bairog,
bairog wrote: But why project compiled with teeChart 2.0.2795.29268 does not have that DNS requests?
Because that version of TeeChart.dll was not Digitally Signed.
bairog wrote: What do you mean? I don't have Steema Sertificate installed on my machine
I mean a TeeChart.dll signed with a valid (that is, that today's date lies between the start and end dates) Digital Certificate. You can check that by looking at the properties of TeeChart.dll.
bairog wrote: BTW My working day ends at 13 GMT
Well, if we don't resolve it today, we'll continue trying next week, no?
Thank you!

Christopher Ireland (Steema crew)
Please be aware of the newsgroup archives:
http://www.teechart.net/support/search.php
http://groups.google.com
http://codenewsfast.com/

bairog
Newbie
Newbie
Posts: 72
Joined: Fri Jul 07, 2006 12:00 am
Location: Moscow, Russia
Contact:

Post by bairog » Fri Jan 23, 2009 11:43 am

Chris wrote: 1) With access to a valid DNS server, does a TeeChart application with a valid Digital Certificate start without delay?

2) With access to a valid DNS server, does a TeeChart application without a valid Digital Certificate start without delay?

3) Without access to a valid DNS server, does a TeeChart application with a valid Digital Certificate start without delay?

4) Without access to a valid DNS server, does a TeeChart application without a valid Digital Certificate start without delay?
1)yes
2)yes
3)no
4)no

so sertificate date does not matter
Thank you.

Christopher
Site Admin
Site Admin
Posts: 1349
Joined: Thu Jan 01, 1970 12:00 am
Location: Riudellots de la Selva, Catalonia
Contact:

Post by Christopher » Fri Jan 23, 2009 11:46 am

bairog,
bairog wrote:1)yes
2)yes
3)no
4)no

so sertificate date does not matter
Ok. Right, well how about doing something like this then?
Chris wrote: Mmm. Well, what you could do is create an "empty" UserControl and then sign it with a "fake" Digital Certificate to see if the problem occurs there. I could then create an "empty" UserControl and then sign it with Steema's Digital Certificate to see if the problem is specific to Steema's Digital Certificate or is general to all Digital Certificates.
What do you think?
Thank you!

Christopher Ireland (Steema crew)
Please be aware of the newsgroup archives:
http://www.teechart.net/support/search.php
http://groups.google.com
http://codenewsfast.com/

bairog
Newbie
Newbie
Posts: 72
Joined: Fri Jul 07, 2006 12:00 am
Location: Moscow, Russia
Contact:

Post by bairog » Fri Jan 23, 2009 12:17 pm

Chris wrote: Well, if we don't resolve it today, we'll continue trying next week, no?
Unfortunately I will have vacations till 1 Feb :(
Thank you.

bairog
Newbie
Newbie
Posts: 72
Joined: Fri Jul 07, 2006 12:00 am
Location: Moscow, Russia
Contact:

Post by bairog » Fri Jan 23, 2009 12:20 pm

Chris wrote: Mmm. Well, what you could do is create an "empty" UserControl and then sign it with a "fake" Digital Certificate to see if the problem occurs there. I could then create an "empty" UserControl and then sign it with Steema's Digital Certificate to see if the problem is specific to Steema's Digital Certificate or is general to all Digital Certificates.
Finally done :)
My project have no DNS requests. So it looks like the problem is specific to Steema's Digital Certificate.
Becides I don't have my certificate installed ("Control Panel -> Internet Options -> Content -> Certificates")

My certificate and private key for it was created with makecert.exe and component library was signed with signtool.exe.
Thank you.

Christopher
Site Admin
Site Admin
Posts: 1349
Joined: Thu Jan 01, 1970 12:00 am
Location: Riudellots de la Selva, Catalonia
Contact:

Post by Christopher » Fri Jan 23, 2009 12:26 pm

bairog,
bairog wrote: Finally done :)
My project have no DNS requests. So it looks like the problem is specific to Steema's Digital Certificate.
Becides I don't have my certificate installed ("Control Panel -> Internet Options -> Content -> Certificates")

My certificate and private key for it was created with makecert.exe and component library was signed with signtool.exe.
Great, well done! Ok, I'll make an empty UserControl with the Steema Certificate and send you a link so you can download it. I won't be able to do this for a while though, so maybe you won't be able to test it until you get back from holiday.

Have a good holiday, anyhow! Forget all about TeeChart and Digital Certificates (and forget about everything else, for that matter :wink: ) !
Thank you!

Christopher Ireland (Steema crew)
Please be aware of the newsgroup archives:
http://www.teechart.net/support/search.php
http://groups.google.com
http://codenewsfast.com/

bairog
Newbie
Newbie
Posts: 72
Joined: Fri Jul 07, 2006 12:00 am
Location: Moscow, Russia
Contact:

Post by bairog » Fri Jan 23, 2009 12:42 pm

Chris wrote: I won't be able to do this for a while though, so maybe you won't be able to test it until you get back from holiday.

Have a good holiday, anyhow! Forget all about TeeChart and Digital Certificates (and forget about everything else, for that matter :wink: ) !
Thanks.
For a while == how long? :)
I'm here for about 30 minutes.

UPDATE
I'm going home. We will continue in Feb :)
Thank you.

Christopher
Site Admin
Site Admin
Posts: 1349
Joined: Thu Jan 01, 1970 12:00 am
Location: Riudellots de la Selva, Catalonia
Contact:

Post by Christopher » Fri Jan 23, 2009 2:31 pm

bairog,
bairog wrote: UPDATE
I'm going home. We will continue in Feb :)
Ok. All the testfiles in question can be downloaded from here.

WindowsFormsControlLibrary1.dll is an "empty" UserControl which has been signed with the Steema Digital Certificate. The code used for signing this control can be found in signtool.bat.

WindowsFormsControlLibrary2.dll is an "empty" UserControl which has been signed with a Dummy Digital Certificate. The process of making this certificate is as follows:
1) run makecert.bat to create DummySteema.cer and DummySteema.pvk
2) run Cert2spc.bat to create DummySteema.spc
3) run create_pfx.bat to create DummySteema.pfx
WindowsFormsControlLibrary2.dll was then signed using signtool2.bat.

Do either of these controls, when run in a container application, cause the unwanted DNS traffic to occur?
Thank you!

Christopher Ireland (Steema crew)
Please be aware of the newsgroup archives:
http://www.teechart.net/support/search.php
http://groups.google.com
http://codenewsfast.com/

bairog
Newbie
Newbie
Posts: 72
Joined: Fri Jul 07, 2006 12:00 am
Location: Moscow, Russia
Contact:

Post by bairog » Mon Feb 02, 2009 6:55 am

Chris wrote: Do either of these controls, when run in a container application, cause the unwanted DNS traffic to occur?
First one does, but second doesn't. To tell you the truth using WindowsFormsControlLibrary2.dll in my project raised FileNotFoundException :? , so I created dummy component library WindowsControlLibrary1.dll by myself.
After that it was signed using signtool2.bat (signtool command line still the same) and DummySteema.pfx that you gave me:

Code: Select all

cd "C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin"
pause
signtool sign /v /f "d:\cert\DummySteema.pfx" /p dummy /d "TeeChart for .NET v3" /du "http://www.steema.com" /t "http://timestamp.verisign.com/scripts/timstamp.dll" "d:\cert\WindowsControlLibrary1.dll"
pause
HERE is a link to WindowsControlLibrary1.dll.

So it looks like something is wrong with Steema Digital Certificate :(
Thank you.

Christopher
Site Admin
Site Admin
Posts: 1349
Joined: Thu Jan 01, 1970 12:00 am
Location: Riudellots de la Selva, Catalonia
Contact:

Post by Christopher » Mon Feb 02, 2009 4:29 pm

bairog,

Hope you had a good holiday :D
bairog wrote: So it looks like something is wrong with Steema Digital Certificate :(


Well, "wrong" from your point of view, certainly. Whether or not the behaviour is by design remains to be seen. We're trying to contact the provider of our Digital Certificate to try to get some technical support on the issue. Of course, we'll let you know what happens!

Just to say thank you once again for all of the patient help you've given us with this issue. Certainly we would be nowhere without it!
Thank you!

Christopher Ireland (Steema crew)
Please be aware of the newsgroup archives:
http://www.teechart.net/support/search.php
http://groups.google.com
http://codenewsfast.com/

bairog
Newbie
Newbie
Posts: 72
Joined: Fri Jul 07, 2006 12:00 am
Location: Moscow, Russia
Contact:

Post by bairog » Mon Feb 02, 2009 6:04 pm

You are welcome :)
Thank you.

Christopher
Site Admin
Site Admin
Posts: 1349
Joined: Thu Jan 01, 1970 12:00 am
Location: Riudellots de la Selva, Catalonia
Contact:

Post by Christopher » Tue Feb 03, 2009 12:20 pm

bairog,

Good news. I have a definitive answer for you. Here it is:
http://www.tech-archive.net/Archive/Off ... 00057.html

I'll paste in the relevant reply below, for future reference:
Hello Dave,

Microsoft Office uses some of the security settings set by Microsoft
Internet Explorer when it attempts to authenticate certificates of trust
prior to use, even if the certificate is already accepted and present on a
user's computer. Each time an Office application attempts to run an
executable signed with an attached certificate, some events occurs if the
Check for publisher's certificate revocation check box is set to checked in
the Internet Explorer Advanced settings dialog (See
http://office.microsoft.com/en-us/ork20 ... 81033.aspx).

The issue arises because the .NET Common Language Runtime (CLR) uses the
Public Key Infrastructure (PKI) system found on Windows systems and on an
isolated network. When .net framework is verifying a digitally signed
assembly, it requires downloading the CRL (certificate revocation list)
from the Certificate provider. The certificate checking mechanism times out
after a certain number of attempts to servers that host the CRL. The .NET
CLR loads the assembly after all the re-tries are completed, which shows up
as a 15 seconds delay. That is why it takes a long time to load your office
add-in. This behavior is by design.

This problem would occur with any .NET assemblies that are code signed
(http://msdn2.microsoft.com/en-us/library/ms537361.aspx) with a digital
certificate. A code-signed assembly is different from a strong-named one
(see http://conferences.codegear.com/cn/article/32226 ) . Code signing
assemblies is recommend because it makes components tamper-proof and
ensures users know the identity of the component publisher. Therefore we do
not suggest that you remove the code sign of your dlls.

The workarounds include:
1. uncheck the "Check for publisher's certificate revocation" in IE. By
disabling the CRL checking, you are not exposed to a security threat.
2. You could manually download the CRL and install in on the system. But
the CRL is valid only for 10-15 days.
3. it is possible to programmatically set the CRL verification. When the
'Check for publisher's certificate revocation' is unchecked, a setting in
the registry is changed. To turn off CRL verification, set
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust
Providers\Software Publishing\State from 0x00023c00 to 0x00023e00. To turn
CRL Checking on again, reset the State key to 0x00023c00

Please let me know if you have any other concerns, or need anything else.

Sincerely,
Jialiang Ge (jialge@xxxxxxxxxxxxxxxxxxxx, remove 'online.')
Microsoft Online Community Support

=================================================
When responding to posts, please "Reply to Group" via your newsreader
so that others may learn and benefit from your issue.
=================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Thank you!

Christopher Ireland (Steema crew)
Please be aware of the newsgroup archives:
http://www.teechart.net/support/search.php
http://groups.google.com
http://codenewsfast.com/

Daniel Ruehmer
Newbie
Newbie
Posts: 13
Joined: Thu Nov 02, 2006 12:00 am
Location: Germany

Post by Daniel Ruehmer » Tue Feb 03, 2009 2:40 pm

bairog,

I posted some thoughts in my thread. Maybe you're interested:

http://www.teechart.net/support/viewtop ... 7429#37429

Cheers
Daniel

Post Reply